23 Flags
Flags are conceptually similar to bookmarks. They associate a name with a given offset in a file. Flags can be grouped into ‘flagspaces’. A flagspace is a namespace for flags, grouping together flags of similar characteristics or type. Examples for flagspaces: sections, registers or symbols.
To create a flag:
[0x100003ba0]> f flag_name @ offsetYou can remove a flag by appending the - character to command. Most commands accept - as argument-prefix as an indication to delete something.
[0x100003ba0]> f-flag_nameTo switch between or create new flagspaces use the fs command:
[0x100003ba0]> fs?
Usage: fs[l-mrs?] # Manage flagspaces
| fs <name> # Add the flagspace
| fsl[jq] # Display flagspaces
| fs- <name> # Remove the flagspace
| fs-* # Remove all flagspaces
| fsm # Move the flags at the current address to the current flagspace
| fsr <newname> # Rename the flag space
| fss<+-l> # Manage the flagspace stack
[0x100003ba0]> fsl
| 0 * classes
| 108 * functions
| 84 * imports
| 0 * platform.ports
| 87 * pointers
| 0 * registers
| 0 * registers.extended
| 0 * registers.mmio
| 91 * relocs
| 13 * sections
| 3 * segments
| 95 * strings
| 55 * symbolsHere you can find some command examples using flagspaces:
[0x100003ba0]> fs symbols ; select only flags in symbols flagspace
[0x100003ba0]> fsl
0 . classes
108 . functions
84 . imports
0 . platform.ports
87 . pointers
0 . registers
0 . registers.extended
0 . registers.mmio
91 . relocs
13 . sections
3 . segments
95 . strings
55 * symbols ; symbols are selected
[0x100003ba0]> fl ; list only flags in symbols flagspace
[0x100003ba0]> fs * ; select all flagspaces
[0x100003ba0]> f myflag ; create a new flag called 'myflag'
[0x100003ba0]> f-myflag ; delete the flag called 'myflag'You can rename flags with fr.
23.0.1 Local flags
Every flag name should be unique for addressing reasons. But it is quite a common need to have the flags, for example inside the functions, with simple and ubiquitous names like loop or return. For this purpose you can use so called “local” flags, which are tied to the function where they reside. It is possible to add them using f. command:
[0x00003a04]> pd 10
│ 0x00003a04 48c705c9cc21. mov qword [0x002206d8], 0xffffffffffffffff ;
[0x2206d8:8]=0
│ 0x00003a0f c60522cc2100. mov byte [0x00220638], 0 ; [0x220638:1]=0
│ 0x00003a16 83f802 cmp eax, 2
│ .─< 0x00003a19 0f84880d0000 je 0x47a7
│ │ 0x00003a1f 83f803 cmp eax, 3
│ .──< 0x00003a22 740e je 0x3a32
│ ││ 0x00003a24 83e801 sub eax, 1
│.───< 0x00003a27 0f84ed080000 je 0x431a
││││ 0x00003a2d e8fef8ffff call sym.imp.abort ; void abort(void)
││││ ; CODE XREF from main (0x3a22)
││╰──> 0x00003a32 be07000000 mov esi, 7
[0x00003a04]> f. localflag @ 0x3a32
[0x00003a04]> f.
0x00003a32 localflag [main + 210]
[0x00003a04]> pd 10
│ 0x00003a04 48c705c9cc21. mov qword [0x002206d8], 0xffffffffffffffff ;
[0x2206d8:8]=0
│ 0x00003a0f c60522cc2100. mov byte [0x00220638], 0 ; [0x220638:1]=0
│ 0x00003a16 83f802 cmp eax, 2
│ .─< 0x00003a19 0f84880d0000 je 0x47a7
│ │ 0x00003a1f 83f803 cmp eax, 3
│ .──< 0x00003a22 740e je 0x3a32 ; main.localflag
│ ││ 0x00003a24 83e801 sub eax, 1
│.───< 0x00003a27 0f84ed080000 je 0x431a
││││ 0x00003a2d e8fef8ffff call sym.imp.abort ; void abort(void)
││││ ; CODE XREF from main (0x3a22)
││`──> .localflag:
││││ ; CODE XREF from main (0x3a22)
││`──> 0x00003a32 be07000000 mov esi, 7
[0x00003a04]>23.0.2 Flag Zones
Rizin offers flag zones, which lets you label different offsets on the scrollbar, for making it easier to navigate through large binaries. You can set a flag zone on the current seek using:
[0x00003a04]> fz flag-zone-nameSet e scr.scrollbar=1 and go to the Visual mode, to see your flag zone appear on the scrollbar on the right end of the window.
See fz? for more information.